Occasional Contributor II

Controller Authentication against Windows NPS

i have multiple  SSID get authenticated against a Windows Active Directory acting as a Radius Server using NPS, how do i force the authentication for every SSID to be against one Active directory user group.


Re: Controller Authentication against Windows NPS

Your NPS config should have 1 or more network policies.

In the applicable network policies you can add a condition "User Groups".  Any user not belonging to the User Group you configure there will fail that network policy and be denied access.


Koen (ACMX #351 | ACDX #547 | ACCP)

-- Found something helpful, important, or cool? Click the Kudos Star in a post.
-- Problem Solved? Click "Accept as Solution" in a post.
Valued Contributor II

Re: Controller Authentication against Windows NPS



You can meet your requirement by the following steps,

1. Configure VAP profile and Map SSID and AAA profile to VAP profile, how many SSIDs you want to broadcast those many VAP profiles are needed. all thse VAP profiles should have unique SSID profiles but you can map the same AAA profile to all the VAP profiles.


2. Create a RADIUS server ( Configuration-->Authentication-->Servers) and map this server to a server-group

3. map the server-group to the AAA profile which was mapped to the VAP profile.


The above steps will insists whole traffic of all SSIDS to the server configured and mapped to the server-group.


4. in NPS create a Remote access policy mapping to the user group with access policy, here we can configure any number of policies and the execution will be top to bottom. if the authenticating user do not belongs to any of the user group mapped in the policy will be denied.


For your ref :




This requirement is very easy and flexible with CPPM. if you get a chance try with CPPM.

Venu Puduchery,
[Is my post helped you ? Give Kudos :) ]
Search Airheads
Showing results for 
Search instead for 
Did you mean: